• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Anti-Spam Package (dspam or SpamAssasin)

Scheduled Pinned Locked Moved Expired/Withdrawn Bounties
27 Posts 11 Posters 44.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • I
    illizit
    last edited by Aug 23, 2011, 4:46 AM

    Hello,

    After running into issues with spamd, I would like to have a package that has a true SpamFilter (not greylisting). I think running SpamAssasin or dspam would be a great contribution towards pfsense and would make it a complete UTM (with the other packages that are already included).

    I'm willing to contribute $300 towards this project.

    1 Reply Last reply Reply Quote 0
    • W
      wallabybob
      last edited by Aug 23, 2011, 9:40 PM

      I'm not familiar with the details of any of these packages mentioned.

      The FreeBSD man page for spamd says it is a daemonized version of spamassassin so if spamd doesn't do what you want how would spamassassin help?

      dspam is already available as a FreeBSD package so should be able to be installed by pkg_add. You are also looking for a GUI interface?

      1 Reply Last reply Reply Quote 0
      • I
        illizit
        last edited by Aug 24, 2011, 1:47 AM

        The spamd package included in pfsense is not the daemonized version of spamassassin. It is a tar-pit (graylisting) fake SMTP server that throttles SMTP connections in an attempt to catch spammers. Nothing like SpamAssasin (although I did see the package you are referring to which I do not know why it wasn't included in Pfsense). The spamd package included in Pfsense is similar to the package spamd for OpenBSD. I guess they ported it from there.

        I have not tried installing dspam manually, I rather have the GUI able to manage it, view logs, etc.

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Aug 31, 2011, 4:34 PM

          There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.

          You'd realistically be looking at a several thousand dollars to have someone do that properly.

          (And I still wouldn't want to run that on my firewall… :-)

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • B
            Bai Shen
            last edited by Aug 31, 2011, 4:59 PM

            @jimp:

            There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.

            You'd realistically be looking at a several thousand dollars to have someone do that properly.

            (And I still wouldn't want to run that on my firewall… :-)

            That doesn't sound right.  I know there was a SpamAssassin package for IPCop and I don't think it runs a mail server.

            It seems like there should be a way to scan and mark the emails.  Like what Untangle or IPCop with the above mentioned package do.

            1 Reply Last reply Reply Quote 0
            • J
              jimp Rebel Alliance Developer Netgate
              last edited by Aug 31, 2011, 5:21 PM

              Sorry, but you are not correct.

              I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.

              Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.

              It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • B
                Bai Shen
                last edited by Aug 31, 2011, 5:46 PM

                @jimp:

                Sorry, but you are not correct.

                Won't be the first nor last time. :)

                I have setup spamassassin on mail servers before, and run it in a couple locations. SpamAssassin on its own is not a mail server, cannot accept messages, it cannot send them out, it requires another program to feed it the messages and then deal with the result. A common way is via something like amavisd, which is essentially a mail server (rather, an MTA, to be more precise). Other places run it through scripts hooked in from postfix/exim/sendmail/etc.

                Something has to accept the entire message, then let spamassin scan it, and then based on that result, send it to your mail server.

                It can't just grab the traffic stream, scan it live, and then forward/reject it after the whole message has been received, not without a program receiving the message and forwarding it to your internal mail server. If it scanned the stream as it flowed through the message would already be delivered to your mail server by the time SpamAssassin scanned it. That just isn't how it works.

                I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

                1 Reply Last reply Reply Quote 0
                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Aug 31, 2011, 6:02 PM

                  @Bai:

                  I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

                  In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.

                  Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • B
                    Bai Shen
                    last edited by Aug 31, 2011, 6:59 PM

                    @jimp:

                    @Bai:

                    I've only done Spamassassin in between my POP server and my local client.  In those cases, it simply marked messages with a SPAM tag.  So it wasn't rejecting anything, but making it easier for the client to do filtering.

                    In that kind of case, it's the client downloading the message, feeding it through SA, and then injecting the result into your mailbox (more or less). Or it's a proxy where something pulls the messages, lets SA scan them, and then your client gets the results from the proxy. There are some other variations but that's the basic method.

                    Much different than doing it in between two mail servers that have to obey proper standards/protocols for delivering mail to each other.

                    I believe IPCop and Untangle use the proxy method.  And honestly, that's all I really need from pfSense.  Not sure about the OP.

                    1 Reply Last reply Reply Quote 0
                    • J
                      jimp Rebel Alliance Developer Netgate
                      last edited by Aug 31, 2011, 7:03 PM

                      If they proxy POP3/IMAP then that's one thing, and wouldn't work with SSL/TLS. Proxying SMTP is entirely different. Not sure if that's even feasible in this kind of scenario with a proxy of sorts.

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • D
                        dhatz
                        last edited by Aug 31, 2011, 7:39 PM Aug 31, 2011, 7:37 PM

                        I have been running SpamAssassin since several years with various MTAs (in recent years mostly with Postfix) together with ClamAV anti-virus and various other tools that enhance SA's effectiveness.

                        In my experience such a system really needs to be a full-blown mail-server to do the job. It is not something I would want to run on a router/firewall.

                        1 Reply Last reply Reply Quote 0
                        • ?
                          Guest
                          last edited by Sep 1, 2011, 12:19 AM

                          For clarification, the IPCop SPAM filter uses ProxSMTP to proxy SMTP traffic and pass it off to spamassassin.  It also uses p3Scan to prox pop3 connections.  In fact, in looking at the Copfilter plugin, it looks like they use half a dozen little proxy programs to proxy different protocols, pass them off to ClamAV and/or Spamassassin.  I would expect this kind of system to be exceptionally messy, resource intensive and not at all appropriate for a firewall.  Its one thing to use a small amount of CPU to stem the tide of spam waves using a greylisting daemon, and quite another to be proxying, queing, scanning and rejecting|forwarding|dropping all of these kinds of connections.

                          Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly.  Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.

                          1 Reply Last reply Reply Quote 0
                          • M
                            Metu69salemi
                            last edited by Sep 1, 2011, 3:56 AM

                            And when this is done by firewall you have usually no possibility to have those attachments or what ever is going to get proxied off.
                            Like in these little redboxes(what are greatly used also in pfsense environment) those can proxy a smtp trafic, but when it kicks in, no one can get those mails nor attachments.

                            1 Reply Last reply Reply Quote 0
                            • B
                              Bai Shen
                              last edited by Sep 1, 2011, 12:27 PM

                              What about those of us who aren't running a mail server and want SpamAssassin for marking our pop3 mail as it comes in?  What would you recommend?

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by Sep 18, 2011, 11:21 PM Sep 18, 2011, 8:21 PM

                                @jimp:

                                There is a big difference in configuring a greylisting daemon and configuring a full spam filter package. An actual spam filter package would involve running a full mail server on the firewall, plus all of the spam scanning software, plus coming up with some kind of GUI for it, and a way to manage not only the global spam filter settings but probably per-address options, and updating the spamassassin rules, etc, etc.

                                You'd realistically be looking at a several thousand dollars to have someone do that properly.

                                (And I still wouldn't want to run that on my firewall… :-)

                                I like the idea of 'several thousand dollars'  ;)

                                I'm working on it and I agree that firewall is not the best place for a antispam system, but you can put it on another pfSense box/vm and use the same great pfSense GUI/rules to configure it.

                                What is done:
                                First stage antispam checks:

                                • Detect zombies

                                • check RBL

                                • check SPF

                                Second stage antispam check:

                                • Subject

                                • Valid Recipients

                                • Valid Domains

                                • Body Content

                                • Attachment types

                                What is almost done:
                                Third stage antispam checks(high cpu usage):

                                • Mailscanner

                                • SpamAssassin

                                • Clamav

                                • pyzor

                                If any one are willing to contribute with the project, the time has come.

                                @submicron:

                                Not surprisingly, I agree with jimp on this, such a package would require several thousand dollars at least and probably closer to ten thousand to do anything close to correctly.  Even then, it would require herculean effort to keep up to date and would never be appropriate for anything more than a small network.

                                Yes it is difficult but not impossible. Many checks nowadays are based on sourceip or live lists(white, gray,black,etc).
                                Spamd just like the two biggest commercial antispam tools use a mundial database for ip reputation and other mail stuff.
                                pyzor can check a global server too.
                                I`m planning that sa-update will be updated via cron.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • marcellocM
                                  marcelloc
                                  last edited by Dec 5, 2011, 12:43 PM

                                  Mailscanner + clamav + spamassassin with postfix integration is done.

                                  I'm using freebsd 8.2 packages. Testing for 5 days with no issues.

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • JackLJ
                                    JackL
                                    last edited by Dec 7, 2011, 11:48 PM

                                    marcello,

                                    Congratulations for you work with this package.

                                    you prove that we can develop technology in Brazil, not just consume. We have many good developers and people involved with free software!

                                    [] 's
                                    Jack

                                    Treinamentos de Elite: http://sys-squad.com
                                    Soluções: https://conexti.com.br

                                    1 Reply Last reply Reply Quote 0
                                    • B
                                      Bai Shen
                                      last edited by May 15, 2012, 12:08 AM

                                      @marcelloc:

                                      Mailscanner + clamav + spamassassin with postfix integration is done.

                                      I'm using freebsd 8.2 packages. Testing for 5 days with no issues.

                                      How are things working?  Still no problems?

                                      Have you looked at making a pfsense package to do this automatically?

                                      Thanks.

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by May 15, 2012, 2:11 AM

                                        @Bai:

                                        How are things working?  Still no problems?
                                        Have you looked at making a pfsense package to do this automatically?

                                        Yes, I've it working for months.

                                        Just install the package.

                                        If you prefer, test it on a virtual machine first.

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • B
                                          Bai Shen
                                          last edited by May 17, 2012, 1:26 AM

                                          @marcelloc:

                                          @Bai:

                                          How are things working?  Still no problems?
                                          Have you looked at making a pfsense package to do this automatically?

                                          Yes, I've it working for months.

                                          Just install the package.

                                          If you prefer, test it on a virtual machine first.

                                          What's the name of the package?  I looked in the list and didn't see it.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                            This community forum collects and processes your personal information.
                                            consent.not_received